If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

From what we have researched some of them are trying to open sites that either download dodgy programs or in some way try to compromise the site or the viewer.

We have this happen several times a week, not sure if a php script we have installed is somehow compromised and people are exploiting it but here is our site http://www.MyLifestyleSavings.com i am helping build it for someone and they have notified me about the problem and im at a loss.

First thing is to change all your passwords on the server (including FTP users), making sure you use "strong" passwords for the new ones.

Any directory that does not need to have files written to it by your PHP scripts should have its permissions set so that only the owner (you) has write permission. The corollary is to try to avoid having any sensitive scripts in world-writable directories. (So in other words, make a separate directory for things like file uploads, and leave all your script/include directories read-only for the world.)

Review all your scripts for anywhere that you use user inputs to select files that get included (or worse, executed). If you have control of your PHP settings via php.ini or .htaccess, at the very least turn off allow_url_include, and consider turning off allow_url_fopen if you don't need it.

Review your Apache access logs if you have access to them, and look for things where the URL includes external URLs in the query string, or "../../" type of directory strings trying to move up the directory tree and read something on the server. These may point you toward a script that someone has found a hole in.